The ups has data output to my firewall/router via usb, which the baremetal servers all connect to via apcupsd. When the ups loses or regains AC power, it broadcasts a message to all of them and they’re each scripted to act accordingly: laptops run on their own batteries, vms migrate over to laptops, non-vital hardware shuts down, etc.
Some laptop battery firmware allows you to force discharge even when connected to AC, and if your laptop can use the tlp recalibrate or tlp discharge commands then yours is supported.
I use this to power my thinkpad servers off of their own batteries during a power outage, to reduce load on my UPS. Great feature.
TL;DR: someone goes on Tucker Carlson’s podcast and claims that nearly the entire GDP of the US (Trillion with a T was not a typo) was spent building secret underground cities.
In my experience, mounting some thinkpad servers to the wall above the rack gives the homelab a very International Space Station feel.
I switched a workstation to Secureblue for the very specific security priorities targeted by that project, but I think for the majority of users, the main reason for not switching to atomic is one you mentioned: why fix what isn’t broken? The main selling point promoted to potential new users seems to be that updates don’t break anything, but I can’t remember a single time since Debian Sarge that an update broke anything for me, and I actually find the rpm-ostree package layering and updating process to be far more of a headache than otherwise.
Unless it’s prepackaged like a steam deck, moving from the traditional way of doing things to atomic is a major change. Like any major change, people need a good reason to make it, and I think right now the only compelling ones are either hyper-specific (switching to okd and needing to build it on coreos, wanting to move to a specific atomic project, etc.), or just general curiosity.
That’s why you can adjust swappiness, or designate a different high-endurance storage device for it.
I throw dust jackets away immediately, because I think they’re an abomination and books look and feel better without them. And then I dog-ear the pages because it gives them character.
I must be extra chaotic extra evil.
Unless “read-only” is being enforced by hardware (reading from optical media, etc), a compromised sudo user can circumvent anything, and write anywhere. A read-only flag or the root filesystem being mounted from somehwere else are just trivial extra steps in the way.
Improved security != extremely secure, is all I’m saying. There are a lot of things that go into making a system extremely secure, and while an immutable root filesystem may be one of them, it doesn’t do the job all on its own as advertised in this post.
The root filesystem is being read from somewhere, and if it’s being read from, it can be written to. Having an extra step or two in the way doesn’t make it “extremely secure”.
The top issue from this similar joke repo I feel sums up the entire industry right now: https://github.com/rhettlunn/is-odd-ai
I tried to buy a drink on a united flight once, and the poor guy had to tell me the only way I could pay for it was to download the united airlines app via the in-flight wifi and enter my card details there. Which I couldn’t do, so fuck me I guess.